Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-04-16 | CVE-2025-3679 | Out-of-bounds Write vulnerability in Pcman FTP Server 2.0.7. A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. | 9.8 |
2025-04-16 | CVE-2025-3676 | SQL Injection vulnerability in Xxyopen Novel-Plus 3.5.0. A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. | 9.8 |
2025-04-11 | CVE-2025-3439 | Deserialization of Untrusted Data vulnerability in Wpeverest Everest Forms. The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. | 9.8 |
2025-04-11 | CVE-2025-2636 | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. | 9.8 |
2025-04-10 | CVE-2024-58136 | Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. | 9.8 |
2025-04-09 | CVE-2025-3115 | Unspecified vulnerability in Tibco products. Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution. | 9.8 |
2025-04-09 | CVE-2025-32375 | Deserialization of Untrusted Data vulnerability in Bentoml. BentoML is a Python library for building online serving systems optimized for AI apps and model inference. | 9.8 |
2025-04-08 | CVE-2025-24446 | Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025. ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution. | 9.1 |
2025-04-08 | CVE-2025-24447 | Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025. ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user resulting in a High impact to Confidentiality and Integrity. | 9.1 |
2025-04-08 | CVE-2025-30281 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. | 9.1 |